9 matches found
CVE-2025-8072 Target Video Easy Publish <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder_img’ parameter in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Peer Publish plugin Cross-Site Request Forgery Vulnerability
The WordPress Peer Publish plugin is a tool for multi-author collaboration that allows users to submit posts to a WordPress blog for review and publication by other users. A cross-site request forgery vulnerability exists in WordPress Peer Publish plugin, which stems from a lack of random number...
CVE-2025-12587
The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the website management pages. This makes it possible for unauthenticated attackers to add, modify, or delete website configuratio...
CVE-2025-12587 Peer Publish <= 1.0 - Cross-Site Request Forgery
The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the website management pages. This makes it possible for unauthenticated attackers to add, modify, or delete website configuratio...
MAL-2025-187403 Malicious code in hydra-publish-filament-prettier-plugin-markdown (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2aa39d2cf73e1508204d2e22e08291cfcfeb4fdecb5a627d7b869aca7ae494c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-64150
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
EUVD-2023-51369
Malicious code in bioql PyPI...
CVE-2024-13561
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bridoverrideyt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
cn.bestwu.groovy-publish:cn.bestwu.groovy-publish.gradle.plugin (=0.0.31), cn.bestwu.kotlin-publish:cn.bestwu.kotlin-publish.gradle.plugin (=0.0.31) +16 more potentially affected by CVE-2020-7599 via com.gradle.publish:plugin-publish-plugin (>=0.10.0 <=0.10.1)
com.gradle.publish:plugin-publish-plugin MAVEN version =0.10.0, =0.10.0, =9.1.1, =1.2.0, =0.3, =0.3, =9.1.1, =1.2.0, =0.14.0, =0.14.0, =0.16.0, =0.32.0 and more Source cves: CVE-2020-7599 Source advisory: OSV:GHSA-CV78-V957-JX34 https://vulners.com/osv/OSV:GH...